Hay
Date: July 8, 2025, 11:09 p.m.

Environment: qemu-arm64, qemu-x86_64

[   19.233384] ==================================================================
[   19.233498] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   19.233979] Write of size 1 at addr fff00000c64c60eb by task kunit_try_catch/160
[   19.234049] 
[   19.234138] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.234247] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.234275] Hardware name: linux,dummy-virt (DT)
[   19.234351] Call trace:
[   19.234380]  show_stack+0x20/0x38 (C)
[   19.234554]  dump_stack_lvl+0x8c/0xd0
[   19.234602]  print_report+0x118/0x608
[   19.234797]  kasan_report+0xdc/0x128
[   19.234842]  __asan_report_store1_noabort+0x20/0x30
[   19.234897]  krealloc_more_oob_helper+0x60c/0x678
[   19.235242]  krealloc_large_more_oob+0x20/0x38
[   19.235323]  kunit_try_run_case+0x170/0x3f0
[   19.235461]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.235872]  kthread+0x328/0x630
[   19.236066]  ret_from_fork+0x10/0x20
[   19.236241] 
[   19.236284] The buggy address belongs to the physical page:
[   19.236314] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064c4
[   19.236403] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.236451] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.236502] page_type: f8(unknown)
[   19.236540] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.237042] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.237147] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.237383] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.237609] head: 0bfffe0000000002 ffffc1ffc3193101 00000000ffffffff 00000000ffffffff
[   19.237799] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.237887] page dumped because: kasan: bad access detected
[   19.237943] 
[   19.237961] Memory state around the buggy address:
[   19.237993]  fff00000c64c5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.238046]  fff00000c64c6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.238095] >fff00000c64c6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   19.238141]                                                           ^
[   19.238190]  fff00000c64c6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.238231]  fff00000c64c6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.238276] ==================================================================
[   19.240594] ==================================================================
[   19.240794] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   19.240880] Write of size 1 at addr fff00000c64c60f0 by task kunit_try_catch/160
[   19.241262] 
[   19.241307] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.241387] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.241413] Hardware name: linux,dummy-virt (DT)
[   19.241611] Call trace:
[   19.241645]  show_stack+0x20/0x38 (C)
[   19.241879]  dump_stack_lvl+0x8c/0xd0
[   19.242025]  print_report+0x118/0x608
[   19.242103]  kasan_report+0xdc/0x128
[   19.242302]  __asan_report_store1_noabort+0x20/0x30
[   19.242471]  krealloc_more_oob_helper+0x5c0/0x678
[   19.242736]  krealloc_large_more_oob+0x20/0x38
[   19.242887]  kunit_try_run_case+0x170/0x3f0
[   19.243074]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.243212]  kthread+0x328/0x630
[   19.243265]  ret_from_fork+0x10/0x20
[   19.243330] 
[   19.243379] The buggy address belongs to the physical page:
[   19.243416] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064c4
[   19.243472] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.243832] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.243999] page_type: f8(unknown)
[   19.244041] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.244243] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.244412] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   19.244674] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   19.244768] head: 0bfffe0000000002 ffffc1ffc3193101 00000000ffffffff 00000000ffffffff
[   19.244819] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   19.245007] page dumped because: kasan: bad access detected
[   19.245140] 
[   19.245174] Memory state around the buggy address:
[   19.245207]  fff00000c64c5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.245251]  fff00000c64c6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.245293] >fff00000c64c6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   19.245352]                                                              ^
[   19.245401]  fff00000c64c6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.245452]  fff00000c64c6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   19.245489] ==================================================================
[   19.162602] ==================================================================
[   19.163169] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678
[   19.163240] Write of size 1 at addr fff00000c454cceb by task kunit_try_catch/156
[   19.163290] 
[   19.163324] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.163403] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.163481] Hardware name: linux,dummy-virt (DT)
[   19.163773] Call trace:
[   19.163862]  show_stack+0x20/0x38 (C)
[   19.163916]  dump_stack_lvl+0x8c/0xd0
[   19.163963]  print_report+0x118/0x608
[   19.164009]  kasan_report+0xdc/0x128
[   19.164054]  __asan_report_store1_noabort+0x20/0x30
[   19.164408]  krealloc_more_oob_helper+0x60c/0x678
[   19.164562]  krealloc_more_oob+0x20/0x38
[   19.164712]  kunit_try_run_case+0x170/0x3f0
[   19.164767]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.165170]  kthread+0x328/0x630
[   19.165251]  ret_from_fork+0x10/0x20
[   19.165687] 
[   19.165774] Allocated by task 156:
[   19.165807]  kasan_save_stack+0x3c/0x68
[   19.166044]  kasan_save_track+0x20/0x40
[   19.166145]  kasan_save_alloc_info+0x40/0x58
[   19.166548]  __kasan_krealloc+0x118/0x178
[   19.166743]  krealloc_noprof+0x128/0x360
[   19.166959]  krealloc_more_oob_helper+0x168/0x678
[   19.167134]  krealloc_more_oob+0x20/0x38
[   19.167451]  kunit_try_run_case+0x170/0x3f0
[   19.167506]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.167557]  kthread+0x328/0x630
[   19.167591]  ret_from_fork+0x10/0x20
[   19.167639] 
[   19.167668] The buggy address belongs to the object at fff00000c454cc00
[   19.167668]  which belongs to the cache kmalloc-256 of size 256
[   19.167734] The buggy address is located 0 bytes to the right of
[   19.167734]  allocated 235-byte region [fff00000c454cc00, fff00000c454cceb)
[   19.167796] 
[   19.167814] The buggy address belongs to the physical page:
[   19.167856] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10454c
[   19.167932] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.167979] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.168030] page_type: f5(slab)
[   19.168078] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.168127] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.168684] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.168752] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.168802] head: 0bfffe0000000001 ffffc1ffc3115301 00000000ffffffff 00000000ffffffff
[   19.169065] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.169255] page dumped because: kasan: bad access detected
[   19.169509] 
[   19.169705] Memory state around the buggy address:
[   19.169933]  fff00000c454cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.170036]  fff00000c454cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.170130] >fff00000c454cc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   19.170179]                                                           ^
[   19.170461]  fff00000c454cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.172214]  fff00000c454cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.172272] ==================================================================
[   19.175080] ==================================================================
[   19.175131] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678
[   19.175256] Write of size 1 at addr fff00000c454ccf0 by task kunit_try_catch/156
[   19.177999] 
[   19.178224] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.178329] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.178357] Hardware name: linux,dummy-virt (DT)
[   19.178395] Call trace:
[   19.178426]  show_stack+0x20/0x38 (C)
[   19.178477]  dump_stack_lvl+0x8c/0xd0
[   19.178523]  print_report+0x118/0x608
[   19.178568]  kasan_report+0xdc/0x128
[   19.178661]  __asan_report_store1_noabort+0x20/0x30
[   19.179066]  krealloc_more_oob_helper+0x5c0/0x678
[   19.179125]  krealloc_more_oob+0x20/0x38
[   19.179184]  kunit_try_run_case+0x170/0x3f0
[   19.179234]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.180947]  kthread+0x328/0x630
[   19.181085]  ret_from_fork+0x10/0x20
[   19.181224] 
[   19.181242] Allocated by task 156:
[   19.181269]  kasan_save_stack+0x3c/0x68
[   19.181471]  kasan_save_track+0x20/0x40
[   19.181509]  kasan_save_alloc_info+0x40/0x58
[   19.181748]  __kasan_krealloc+0x118/0x178
[   19.181822]  krealloc_noprof+0x128/0x360
[   19.181859]  krealloc_more_oob_helper+0x168/0x678
[   19.182241]  krealloc_more_oob+0x20/0x38
[   19.182451]  kunit_try_run_case+0x170/0x3f0
[   19.182528]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.182627]  kthread+0x328/0x630
[   19.182752]  ret_from_fork+0x10/0x20
[   19.182843] 
[   19.182865] The buggy address belongs to the object at fff00000c454cc00
[   19.182865]  which belongs to the cache kmalloc-256 of size 256
[   19.182942] The buggy address is located 5 bytes to the right of
[   19.182942]  allocated 235-byte region [fff00000c454cc00, fff00000c454cceb)
[   19.183228] 
[   19.183287] The buggy address belongs to the physical page:
[   19.183356] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10454c
[   19.183522] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.183607] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   19.183724] page_type: f5(slab)
[   19.183838] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.183975] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.184133] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   19.184196] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.184268] head: 0bfffe0000000001 ffffc1ffc3115301 00000000ffffffff 00000000ffffffff
[   19.184315] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   19.184581] page dumped because: kasan: bad access detected
[   19.184715] 
[   19.184822] Memory state around the buggy address:
[   19.184892]  fff00000c454cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.185025]  fff00000c454cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.185083] >fff00000c454cc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   19.185155]                                                              ^
[   19.185292]  fff00000c454cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.185362]  fff00000c454cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.185398] ==================================================================

[   12.281812] ==================================================================
[   12.282410] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   12.282800] Write of size 1 at addr ffff8881029760f0 by task kunit_try_catch/178
[   12.283063] 
[   12.283293] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.283334] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.283345] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.283363] Call Trace:
[   12.283375]  <TASK>
[   12.283388]  dump_stack_lvl+0x73/0xb0
[   12.283415]  print_report+0xd1/0x650
[   12.283437]  ? __virt_addr_valid+0x1db/0x2d0
[   12.283459]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.283481]  ? kasan_addr_to_slab+0x11/0xa0
[   12.283511]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.283535]  kasan_report+0x141/0x180
[   12.283556]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.283585]  __asan_report_store1_noabort+0x1b/0x30
[   12.283622]  krealloc_more_oob_helper+0x7eb/0x930
[   12.283644]  ? __schedule+0x10cc/0x2b60
[   12.283665]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.283690]  ? finish_task_switch.isra.0+0x153/0x700
[   12.283712]  ? __switch_to+0x47/0xf50
[   12.283736]  ? __schedule+0x10cc/0x2b60
[   12.283757]  ? __pfx_read_tsc+0x10/0x10
[   12.283780]  krealloc_large_more_oob+0x1c/0x30
[   12.283803]  kunit_try_run_case+0x1a5/0x480
[   12.283826]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.283849]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.283871]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.283895]  ? __kthread_parkme+0x82/0x180
[   12.283916]  ? preempt_count_sub+0x50/0x80
[   12.283988]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.284012]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.284037]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.284061]  kthread+0x337/0x6f0
[   12.284080]  ? trace_preempt_on+0x20/0xc0
[   12.284103]  ? __pfx_kthread+0x10/0x10
[   12.284123]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.284144]  ? calculate_sigpending+0x7b/0xa0
[   12.284167]  ? __pfx_kthread+0x10/0x10
[   12.284188]  ret_from_fork+0x116/0x1d0
[   12.284206]  ? __pfx_kthread+0x10/0x10
[   12.284227]  ret_from_fork_asm+0x1a/0x30
[   12.284258]  </TASK>
[   12.284267] 
[   12.292736] The buggy address belongs to the physical page:
[   12.292968] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102974
[   12.293427] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.293816] flags: 0x200000000000040(head|node=0|zone=2)
[   12.294318] page_type: f8(unknown)
[   12.294533] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.294804] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.295335] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.295848] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.296196] head: 0200000000000002 ffffea00040a5d01 00000000ffffffff 00000000ffffffff
[   12.296531] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.296868] page dumped because: kasan: bad access detected
[   12.297162] 
[   12.297306] Memory state around the buggy address:
[   12.297464]  ffff888102975f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.297792]  ffff888102976000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.298058] >ffff888102976080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   12.298566]                                                              ^
[   12.298907]  ffff888102976100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.299181]  ffff888102976180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.299497] ==================================================================
[   12.078461] ==================================================================
[   12.079042] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   12.079383] Write of size 1 at addr ffff888100aab0eb by task kunit_try_catch/174
[   12.079908] 
[   12.080023] CPU: 1 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.080067] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.080079] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.080098] Call Trace:
[   12.080109]  <TASK>
[   12.080222]  dump_stack_lvl+0x73/0xb0
[   12.080255]  print_report+0xd1/0x650
[   12.080307]  ? __virt_addr_valid+0x1db/0x2d0
[   12.080330]  ? krealloc_more_oob_helper+0x821/0x930
[   12.080354]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.080387]  ? krealloc_more_oob_helper+0x821/0x930
[   12.080411]  kasan_report+0x141/0x180
[   12.080433]  ? krealloc_more_oob_helper+0x821/0x930
[   12.080462]  __asan_report_store1_noabort+0x1b/0x30
[   12.080487]  krealloc_more_oob_helper+0x821/0x930
[   12.080520]  ? __schedule+0x10cc/0x2b60
[   12.080541]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.080566]  ? finish_task_switch.isra.0+0x153/0x700
[   12.080588]  ? __switch_to+0x47/0xf50
[   12.080624]  ? __schedule+0x10cc/0x2b60
[   12.080645]  ? __pfx_read_tsc+0x10/0x10
[   12.080668]  krealloc_more_oob+0x1c/0x30
[   12.080689]  kunit_try_run_case+0x1a5/0x480
[   12.080713]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.080736]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.080759]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.080782]  ? __kthread_parkme+0x82/0x180
[   12.080801]  ? preempt_count_sub+0x50/0x80
[   12.080824]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.080847]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.080871]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.080895]  kthread+0x337/0x6f0
[   12.080913]  ? trace_preempt_on+0x20/0xc0
[   12.080974]  ? __pfx_kthread+0x10/0x10
[   12.080994]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.081015]  ? calculate_sigpending+0x7b/0xa0
[   12.081038]  ? __pfx_kthread+0x10/0x10
[   12.081059]  ret_from_fork+0x116/0x1d0
[   12.081077]  ? __pfx_kthread+0x10/0x10
[   12.081097]  ret_from_fork_asm+0x1a/0x30
[   12.081128]  </TASK>
[   12.081138] 
[   12.090303] Allocated by task 174:
[   12.090439]  kasan_save_stack+0x45/0x70
[   12.090586]  kasan_save_track+0x18/0x40
[   12.090790]  kasan_save_alloc_info+0x3b/0x50
[   12.091152]  __kasan_krealloc+0x190/0x1f0
[   12.091392]  krealloc_noprof+0xf3/0x340
[   12.091533]  krealloc_more_oob_helper+0x1a9/0x930
[   12.091821]  krealloc_more_oob+0x1c/0x30
[   12.092234]  kunit_try_run_case+0x1a5/0x480
[   12.092444]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.092739]  kthread+0x337/0x6f0
[   12.092868]  ret_from_fork+0x116/0x1d0
[   12.092999]  ret_from_fork_asm+0x1a/0x30
[   12.093152] 
[   12.093248] The buggy address belongs to the object at ffff888100aab000
[   12.093248]  which belongs to the cache kmalloc-256 of size 256
[   12.094146] The buggy address is located 0 bytes to the right of
[   12.094146]  allocated 235-byte region [ffff888100aab000, ffff888100aab0eb)
[   12.094725] 
[   12.094886] The buggy address belongs to the physical page:
[   12.095195] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa
[   12.095588] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.095825] flags: 0x200000000000040(head|node=0|zone=2)
[   12.096000] page_type: f5(slab)
[   12.096147] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.096780] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.097229] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.097709] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.098112] head: 0200000000000001 ffffea000402aa81 00000000ffffffff 00000000ffffffff
[   12.098537] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.098862] page dumped because: kasan: bad access detected
[   12.099032] 
[   12.099100] Memory state around the buggy address:
[   12.099578]  ffff888100aaaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.099902]  ffff888100aab000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.100254] >ffff888100aab080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   12.100607]                                                           ^
[   12.100963]  ffff888100aab100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.101308]  ffff888100aab180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.101686] ==================================================================
[   12.260663] ==================================================================
[   12.261391] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[   12.261913] Write of size 1 at addr ffff8881029760eb by task kunit_try_catch/178
[   12.262330] 
[   12.262517] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.262562] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.262573] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.262592] Call Trace:
[   12.262616]  <TASK>
[   12.262633]  dump_stack_lvl+0x73/0xb0
[   12.262664]  print_report+0xd1/0x650
[   12.262686]  ? __virt_addr_valid+0x1db/0x2d0
[   12.262708]  ? krealloc_more_oob_helper+0x821/0x930
[   12.262731]  ? kasan_addr_to_slab+0x11/0xa0
[   12.262751]  ? krealloc_more_oob_helper+0x821/0x930
[   12.262775]  kasan_report+0x141/0x180
[   12.262796]  ? krealloc_more_oob_helper+0x821/0x930
[   12.262824]  __asan_report_store1_noabort+0x1b/0x30
[   12.262849]  krealloc_more_oob_helper+0x821/0x930
[   12.262871]  ? __schedule+0x10cc/0x2b60
[   12.262894]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.262918]  ? finish_task_switch.isra.0+0x153/0x700
[   12.262942]  ? __switch_to+0x47/0xf50
[   12.262967]  ? __schedule+0x10cc/0x2b60
[   12.262987]  ? __pfx_read_tsc+0x10/0x10
[   12.263201]  krealloc_large_more_oob+0x1c/0x30
[   12.263227]  kunit_try_run_case+0x1a5/0x480
[   12.263253]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.263276]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.263299]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.263323]  ? __kthread_parkme+0x82/0x180
[   12.263343]  ? preempt_count_sub+0x50/0x80
[   12.263365]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.263389]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.263412]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.263437]  kthread+0x337/0x6f0
[   12.263455]  ? trace_preempt_on+0x20/0xc0
[   12.263479]  ? __pfx_kthread+0x10/0x10
[   12.263501]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.263522]  ? calculate_sigpending+0x7b/0xa0
[   12.263546]  ? __pfx_kthread+0x10/0x10
[   12.263567]  ret_from_fork+0x116/0x1d0
[   12.263585]  ? __pfx_kthread+0x10/0x10
[   12.263616]  ret_from_fork_asm+0x1a/0x30
[   12.263646]  </TASK>
[   12.263656] 
[   12.274401] The buggy address belongs to the physical page:
[   12.275255] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102974
[   12.275574] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.276105] flags: 0x200000000000040(head|node=0|zone=2)
[   12.276396] page_type: f8(unknown)
[   12.276575] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.276980] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.277402] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   12.277765] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   12.278076] head: 0200000000000002 ffffea00040a5d01 00000000ffffffff 00000000ffffffff
[   12.278591] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   12.278903] page dumped because: kasan: bad access detected
[   12.279175] 
[   12.279276] Memory state around the buggy address:
[   12.279460]  ffff888102975f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.279717]  ffff888102976000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.280040] >ffff888102976080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[   12.280374]                                                           ^
[   12.280720]  ffff888102976100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.280961]  ffff888102976180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   12.281321] ==================================================================
[   12.102161] ==================================================================
[   12.102432] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[   12.102928] Write of size 1 at addr ffff888100aab0f0 by task kunit_try_catch/174
[   12.103363] 
[   12.103454] CPU: 1 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.103496] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.103508] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.103528] Call Trace:
[   12.103546]  <TASK>
[   12.103563]  dump_stack_lvl+0x73/0xb0
[   12.103592]  print_report+0xd1/0x650
[   12.103626]  ? __virt_addr_valid+0x1db/0x2d0
[   12.103648]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.103671]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.103694]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.103720]  kasan_report+0x141/0x180
[   12.103741]  ? krealloc_more_oob_helper+0x7eb/0x930
[   12.103770]  __asan_report_store1_noabort+0x1b/0x30
[   12.103830]  krealloc_more_oob_helper+0x7eb/0x930
[   12.103853]  ? __schedule+0x10cc/0x2b60
[   12.103912]  ? __pfx_krealloc_more_oob_helper+0x10/0x10
[   12.103993]  ? finish_task_switch.isra.0+0x153/0x700
[   12.104018]  ? __switch_to+0x47/0xf50
[   12.104043]  ? __schedule+0x10cc/0x2b60
[   12.104064]  ? __pfx_read_tsc+0x10/0x10
[   12.104089]  krealloc_more_oob+0x1c/0x30
[   12.104111]  kunit_try_run_case+0x1a5/0x480
[   12.104137]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.104161]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.104186]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.104239]  ? __kthread_parkme+0x82/0x180
[   12.104259]  ? preempt_count_sub+0x50/0x80
[   12.104282]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.104316]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.104340]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.104365]  kthread+0x337/0x6f0
[   12.104383]  ? trace_preempt_on+0x20/0xc0
[   12.104405]  ? __pfx_kthread+0x10/0x10
[   12.104425]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.104446]  ? calculate_sigpending+0x7b/0xa0
[   12.104470]  ? __pfx_kthread+0x10/0x10
[   12.104491]  ret_from_fork+0x116/0x1d0
[   12.104518]  ? __pfx_kthread+0x10/0x10
[   12.104538]  ret_from_fork_asm+0x1a/0x30
[   12.104569]  </TASK>
[   12.104578] 
[   12.114074] Allocated by task 174:
[   12.114344]  kasan_save_stack+0x45/0x70
[   12.114571]  kasan_save_track+0x18/0x40
[   12.114776]  kasan_save_alloc_info+0x3b/0x50
[   12.114992]  __kasan_krealloc+0x190/0x1f0
[   12.115253]  krealloc_noprof+0xf3/0x340
[   12.115483]  krealloc_more_oob_helper+0x1a9/0x930
[   12.115717]  krealloc_more_oob+0x1c/0x30
[   12.115878]  kunit_try_run_case+0x1a5/0x480
[   12.116237]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.116514]  kthread+0x337/0x6f0
[   12.116682]  ret_from_fork+0x116/0x1d0
[   12.116881]  ret_from_fork_asm+0x1a/0x30
[   12.117366] 
[   12.117452] The buggy address belongs to the object at ffff888100aab000
[   12.117452]  which belongs to the cache kmalloc-256 of size 256
[   12.117947] The buggy address is located 5 bytes to the right of
[   12.117947]  allocated 235-byte region [ffff888100aab000, ffff888100aab0eb)
[   12.118527] 
[   12.118689] The buggy address belongs to the physical page:
[   12.118950] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aaa
[   12.119311] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.119640] flags: 0x200000000000040(head|node=0|zone=2)
[   12.120076] page_type: f5(slab)
[   12.120259] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.120495] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.120864] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   12.121282] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.121577] head: 0200000000000001 ffffea000402aa81 00000000ffffffff 00000000ffffffff
[   12.121975] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   12.122778] page dumped because: kasan: bad access detected
[   12.123129] 
[   12.123201] Memory state around the buggy address:
[   12.123431]  ffff888100aaaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.124103]  ffff888100aab000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.124463] >ffff888100aab080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[   12.124898]                                                              ^
[   12.125185]  ffff888100aab100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.125491]  ffff888100aab180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.125825] ==================================================================